chglogon[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

chglogon.exe
Size

23KB
MD5

96c637283d92573c121b34513c267987
SHA1

1556fdc9ee7e3f8c8729932e0d5e660dfd69cc53
SHA256

a9cc2b03783896c6596d8f4e4cc3db555a9096264bc8253478d1f0f0fbb2b74b
SHA512

a7aa96670c2b1a2cf8511c4bef0f2742fa3e2bbe8b797d380652b8bc8d57182fc97fe1fb41b6de3279febdfec9af280c7c9df9641be0685ffb90219caf68dff2
SSDEEP

384:aoE7WrAWCBk4MAQhI/CtoeT5nj1Z8YuB+rtNsN7uEGVEkGuRVHIhjkKWiEW:aoSPW2k4MAQhI/n2h1Z8Ye+tiuD/0km

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
chglogon.exe

Files

chglogon.exe
.exe windows x64

39cdc867b4449192c880f526495b2b10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

LoadStringW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
VerSetConditionMask
RtlVirtualUnwind

kernel32

GetConsoleOutputCP
SetThreadUILanguage
RegOpenKeyExW
LocalAlloc
RegSetValueExW
GetVersionExW
RegCreateKeyExW
HeapSetInformation
LocalFree
RegCloseKey
SetLastError
GetStdHandle
MultiByteToWideChar
FormatMessageW
GetLastError
GetCurrentThreadId
LoadLibraryW
WriteConsoleW
GetModuleHandleW
FreeLibrary
GetFileType
GetCommandLineW
VerifyVersionInfoW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
RegQueryValueExW
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTickCount
GetCurrentProcess
Sleep
UnhandledExceptionFilter

regapi

RegGetMachinePolicyNew

msvcrt

wcscpy_s
wcscat_s
vswprintf_s
wcschr
free
vfwprintf
fwprintf
malloc
wcstol
wcstoul
_wcsnicmp
_wcsdup
_wsetlocale
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
?terminate@@YAXXZ
swprintf_s
_wtoi
setlocale
__iob_func
memmove
_ultoa
_wcslwr
memset

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39cdc867b4449192c880f526495b2b10

Headers

DLL Characteristics

File Characteristics

Imports

user32

ntdll

kernel32

regapi

msvcrt

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 5KB

.pdata Size: 1024B - Virtual size: 516B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 68B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 5KB

.pdata
Size: 1024B - Virtual size: 516B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 68B